When disclosure of security vulnerabilities remains a thorny issue
When a vulnerability is discovered in a system, we always ask ourselves the famous question: should it be disclosed or kept secret?
To begin with, we all know that disclosure can help protect every person affiliated with the system that has just been compromised.
Indeed, users will be able to start taking precautions that may save their lives or their personal data. However, businesses are still cautious. This makes disclosure a fairly sensitive subject.
In an international survey initiated by 451 Research for Veracode, several IT security professionals were questioned on the issue. 90% of respondents considered that the public disclosure of security vulnerabilities "serves to improve the way software is developed, used and corrected." They believed that being able to identify flaws helps to remedy the problem effectively and to provide better digital protection.
However, we mustn't hide one thing: publicly disclosing the existence of a security breach is a legal obligation, because it concerns the security of users.
In spite of this, only 9% of IT professionals who have discovered a vulnerability in recent months have decided to publicly disclose it. 75% of the institutions surveyed said they had established procedures for reporting discovered bugs or vulnerabilities. However, a third of them dread this kind of communication.
37% of the institutions concerned said that they had received disclosure reports they had not asked for during the last 12 months. And one in two organizations has funded bug bounties, these security flaw hunts that reward whoever finds them. We all know these are healthier strategies and always end in public disclosure.
Let us not forget that last July Apple blamed Google, through its Project Zero, for disclosing to users, in an improper manner, certain security vulnerabilities related to its devices. To tell the whole truth, a problem always arises when vulnerabilities are publicized without the real consent of the organization concerned. In addition, a security flaw must in principle be disclosed. Why? Simply because it concerns the safety of users who are in one way or another connected to services that depend on the compromised system. This includes digital protection and the preservation of their personal data as well as their portfolios.
But that does not mean that these disclosures must be made without control or regulation. If we are to impose disclosure, we must be able to find the right balance. On the one hand, we must ensure that the firms concerned do not suffer too much. Indeed, publishing vulnerabilities too quickly can undermine the credibility of firms, especially if the flaw was born of negligence.